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Remarks 

Claims 1, 2, 5, 7-9, 11-17, 20-25, and 29-35 are pending. 

Response to Arguments 

1, Applicant's arguments with respect to claims 1, 2, 5, 7-9, 11-17, 20-25, and 29-35 
have been considered but are moot in view of the new ground(s) of rejection. 

Claim Objections 

2, Claims 1, 5, 14, 15, 17, 22, 23, and 29 are objected to because of the following 
informalities: 

- Claim 1, line 5 refers to "an intermediate proxy server". The rest of claim 1 
refers to this proxy as "intermediary proxy server". Consistent use of either 
"intermediate" or "intermediary" is requested. In the rejections, the examiner 
has used "intermediary", since "intermediary proxy server" is used more often 
in the claims. 

- Claim 1 , 4 lines from the bottom, refers to "the service/ information content 
server". Since there has been no such server previously in the claim, this has 
been construed as "the service/information/content provider". 

- Claim 5 refers to "the second protocol", which should apparently read "the 
second communication protocol". 

- Claims 14 and 15 refer to "the user preferences relating to privacy level". 
Since such a limitation has not been seen previously in the in the claims from 
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which claims 14 and 15 depend, this limitation has been construed as "user 
preferences relating to privacy level". 

- Claims 17 and 22 refer to "the protection proxy server", which has not been 
seen in previous claims. For purposes of prior art rejection, this has been 
construed as "the protection server". 

- Claim 23, the final limitation states "allowing the service provider having 
acquired the protection server...". The examiner is unsure how a service 
provider acquires the protection server. Therefore, for purposes of prior art 
rejection, this portion has been construed as "allowing a 
service/information/content provider having accessed the protection server..." 

- Claim 29 refers to "the agreement", which has not been previously seen in the 
claims from which claim 29 depends. For purposes of prior art rejection, this 
has been construed as "an agreement". 

Appropriate correction is required. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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3. Claims 1, 2, 5, 7-9, 11, 12, 20, 23, 24, 30, 31, and 33-35 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Steele (U.S. Patent 7,016,877) in view of 
Yasala (U.S. Patent Application Publication 2003/0188156). 
Regarding Claim 1, 

Steele discloses an arrangement for protection of end user 
personal profile data in a communication system including a number of 
end user stations and a number of service/information/content providers or 
holding means holding end user personal profile data, the arrangement 
comprising: 

An intermediary proxy server supporting a first communication 
protocol for end user station communication (Figure 8, numeral 105; and 
Column 7, line 46 to Column 8, line 24); 

A personal profile data protection server supporting a second 
communication protocol for communication with the intermediary proxy 
server and a third communication protocol for communication with one of 
the service/information/content providers, the personal profile data 
protection server further comprises an API allowing 
service/information/content provider queries/interactions, and storing 
means for storing end user specific data and end user personal profile 
data (Figure 8, numerals 102 and 108; Column 8, line 25 to Column 9, line 
57); 
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Wherein the service/information/content provider can request, via 
the API, personal profile data and in that personal profile data is delivered 
according to end user preferences or in such a manner that there is no 
association between the actual end user and the personal profile data of 
the end user (Column 9, line 42 to Column 10, line 52; and Column 12, 
lines 4-16); and 

Authentication via certificates and/or SSL (Column 8, lines 1-24); 

But does not explicitly disclose the personal profile data protection 
server having a protection certificate and the verification of such 
certificate. 

Yasala, however, discloses the personal profile data protection 
server having a protection certificate (Paragraphs 27-31); 

Means for providing published certificates to the intermediary proxy 
server (Paragraphs 27-31); and 

Wherein the intermediary proxy server further comprises means for 
verifying the genuinity of the protection certificate requested over the 
second communication protocol from the personal profile data protection 
server against a published certificate and, responsive to a verified genuine 
protection certificate of the personal profile data protection server, allowing 
authenticated communications to commence (Paragraphs 27-31). It 
would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the authentication and authorization 



Application/Control Number: 10/603,447 Page 6 

Art Unit: 2137 

system of Yasala into the trusted brokering system of Steele in order to 
provide strong mutual authentication and/or authorization of both entities 
such that a secure channel can be formed, while allowing each system to 
decide who it trusts and who it does not trust. 
Regarding Claim 2, 

Steele as modified by Yasala discloses the arrangement of claim 1 , 
in addition, Steele discloses that the first communication protocol is a 
secure protocol (Figure 8, numeral 105; and Column 7, line 46 to Column 
8, line 24). 
Regarding Claim 5, 

Steele as modified by Yasala discloses the arrangement of claim 1 , 
in addition, Yasala discloses that the second communication protocol is a 
secure protocol (Paragraphs 27-31). 
Regarding Claim 7, 

Steele as modified by Yasala discloses the arrangement of claim 1 , 
in addition, Steele discloses that the intermediary proxy server is a HTTP 
proxy (Figure 8, numeral 105; and Column 7, line 46 to Column 8, line 44). 
Regarding Claim 8, 

Steele as modified by Yasala discloses the arrangement of claim 1 , 
in addition, Yasala discloses that the intermediary proxy server comprises 
holding means for holding published certificates (Paragraphs 25-31). 
Regarding Claim 9, 
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Steele as modified by Yasala discloses the arrangement of claim 1 , 
in addition, Yasala discloses that the intermediary proxy server is in 
communication with external holding means holding published certificates 
(Paragraphs 22, 23, and 27-31). 

Regarding Claim 11, 

Steele as modified by Yasala discloses the arrangement of claim 1, 
in addition, Steele discloses that the intermediary proxy server is located 
within an intranet or at the operator's premises (Figure 8, numeral 105; 
and Column 7, line 46 to Column 8, line 24). 

Regarding Claim 12, 

Steele as modified by Yasala discloses the arrangement of claim 1 , 
in addition, Steele discloses that the intermediary proxy server comprises 
a functionality for establishing a security communication agreement with 
the protection server (Figure 8, numeral 105; and Column 7, line 46 to 
Column 8, line 24); and Yasala discloses that the intermediary proxy 
server comprises a functionality for establishing a security communication 
agreement with the protection server (Paragraphs 27-31). 

Regarding Claim 20, 

Steele as modified by Yasala discloses the arrangement of claim 1 , 
in addition, Steele discloses that the protection server storing means 
comprises at least three tables containing information about end user 
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specific data, personal profile data information and statistical data 
respectively (Figures 3-4; and Column 14, line 10 to Column 16, line 4). 
Regarding Claim 23, 

Steele discloses a method for protection of end user personal 
profile data in a communication system with a number of end user stations 
and a number of service/information/content providers, the method 
comprises the steps of: 

Providing communication an intermediary proxy server in 
communication with an end user station using a first communication 
protocol, to the protection server over a second communication protocol 
(Column 7, line 46 to Column 8, line 59); 

Providing a response from the protection server to the intermediary 
proxy server (Column 7, line 46 to Column 8, line 59); 

Allowing a service/information/content provider having accessed 
the protection server, to retrieve end user data and personal profile data 
according to a policy setting and end user privacy level over an API and a 
third communication protocol (Column 9, line 42 to Column 10, line 52; 
and Column 12, lines 4-16); and 

Authentication via certificates and/or SSL (Column 8, lines 1-24); 

But does not explicitly disclose the personal profile data protection 
server having a protection certificate and the verification of such 
certificate. 
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Yasala, however, discloses registering a certificate for an end user 
personal profile protection server with a trusted third party (Paragraphs 
27-31); 

Providing a request for the certificate from the intermediary proxy 
server to the protection server (Paragraphs 27-31); 

Providing a response from the protection server to the intermediary 
proxy server (Paragraphs 27-31); 

Verifying, in the intermediary proxy server, that the certificate is 
genuine, thereby belonging to the respective protection server and is 
registered with the trusted third party (Paragraphs 27-31); 

After confirmation that the protection server/certificate is genuine, 
allowing authenticated communications to commence (Paragraphs 27-31). 
It would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the authentication and authorization 
system of Yasala into the trusted brokering system of Steele in order to 
provide strong mutual authentication and/or authorization of both entities 
such that a secure channel can be formed, while allowing each system to 
decide who it trusts and who it does not trust. 
Regarding Claim 24, 

Steele as modified by Yasala discloses the method of claim 23, in 
addition, Steele discloses establishing an end user personal profile data 
security agreement between the intermediary proxy server and the 
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protection server (Figure 8, numeral 105; and Column 7, line 46 to Column 
8, line 24); and Yasala discloses establishing an end user personal profile 
data security agreement between the intermediary proxy server and the 
protection server (Paragraphs 27-31). 
Regarding Claim 30, 

Steele as modified by Yasala discloses the method of claim 23, in 
addition, Steele discloses providing an API at the protection server, using 
the API for queries to the protection server from the 
service/information/content provider, providing responses over a third 
communication protocol to the service/information/content provider 
(Column 9, line 42 to Column 10, line 52; and Column 12, lines 4-16). 
Regarding Claim 31, 

Steele as modified by Yasala discloses the method of claim 30, in 
addition, Steele discloses storing data in a number of tables in the 
protection server relating to user specific data, end user personal profile 
data, and statistical data (Figures 3-4; and Column 14, line 10 to Column 
16, line 4). 
Regarding Claim 33, 

Steele as modified by Yasala discloses the arrangement of claim 1 , 
in addition, Steele discloses that the intermediary proxy server is located 
within a personal environment of the end user (Figure 8, numeral 105; and 
Column 7, line 46 to Column 8, line 24). 



Application/Control Number: 10/603,447 Page 11 

Art Unit: 2137 

Regarding Claim 34, 

Steele as modified by Yasala discloses the arrangement of claim 1 , 
in addition, Steele discloses that the intermediary proxy server is located 
within premises of the end user (Figure 8, numeral 105; and Column 7, 
line 46 to Column 8, line 24). 

Regarding Claim 35, 

Steele as modified by Yasala discloses the arrangement of claim 1 , 
in addition, Steele discloses that the intermediary proxy server is located 
within an intranet utilized by the end user (Figure 8, numeral 105; and 
Column 7, line 46 to Column 8, line 24). 

4. Claims 2, 7, 11, 14, 21, 22, 29, 32, 34, and 35 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Steele in view of Yasala, further in view of Gabber 
(U.S. Patent 5,961,593). 
Regarding Claim 2, 

Steele as modified by Yasala does not disclose that the first 
communication protocol is a secure protocol outside the user's computer. 

Gabber, however, discloses that the first communication protocol is 
a secure protocol outside the user's computer (Column 13, lines 15-53). It 
would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the proxy server system of Gabber into 
the trusted brokering system of Steele as modified by Yasala in order to 
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allow the user to obtain anonymous personalized browsing through a local 
proxy which the user trusts, thereby allowing the user to acquire 
personalized services without an entity outside the user's trusted space 
knowing the user's identity. 
Regarding Claim 7, 

Steele as modified by Yasala does not disclose that the 
intermediary proxy server is a proxy server outside the user's computer. 

Gabber, however, discloses that the intermediary proxy server is a 
HTTP proxy (Column 6, line 59 to Column 7, line 18; and Column 13, lines 
1 5-53). It would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the proxy server system of 
Gabber into the trusted brokering system of Steele as modified by Yasala 
in order to allow the user to obtain anonymous personalized browsing 
through a local proxy which the user trusts, thereby allowing the user to 
acquire personalized services without an entity outside the user's trusted 
space knowing the user's identity. 
Regarding Claim 11, 

Steele as modified by Yasala does not disclose that the 
intermediary proxy server is a proxy server outside the user's computer. 

Gabber, however, discloses that the intermediary proxy server is 
located within an intranet or at the operator's premises (Column 13, lines 
1 5-53). It would have been obvious to one of ordinary skill in the art at the 
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time of applicant's invention to incorporate the proxy server system of 
Gabber into the trusted brokering system of Steele as modified by Yasala 
in order to allow the user to obtain anonymous personalized browsing 
through a local proxy which the user trusts, thereby allowing the user to 
acquire personalized services without an entity outside the user's trusted 
space knowing the user's identity. 
Regarding Claim 14, 

Steele as modified by Yasala does not disclose that the user 
preferences related to privacy level are stored in the intermediary proxy 
server. 

Gabber, however, discloses that the user preferences related to 
privacy level are stored in the intermediary proxy server (Column 11, lines 
15-67; and Column 13, lines 15-53). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to incorporate 
the proxy server system of Gabber into the trusted brokering system of 
Steele as modified by Yasala in order to allow the user to obtain 
anonymous personalized browsing through a local proxy which the user 
trusts, thereby allowing the user to acquire personalized services without 
an entity outside the user's trusted space knowing the user's identity. 
Regarding Claim 21, 

Steele as modified by Yasala does not explicitly disclose that the 
end user specific data and end user personal profile data are provided to 
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the service/information/content provider in such a manner that the end 
user cannot be traced by the service/information/content provider. 

Gabber, however, discloses that the end user specific data and end 
user personal profile data are provided to the service/information/content 
provider in such a manner that the end user cannot be traced by the 
service/information/content provider (Column 5, line 17 to Column 6, line 
17; Column 6, line 59 to Column 7, line 18; Column 11, lines 15-67; and 
Column 13, lines 15-53). It would have been obvious to one of ordinary 
skill in the art at the time of applicant's invention to incorporate the proxy 
server system of Gabber into the trusted brokering system of Steele as . 
modified by Yasala in order to allow the user to obtain anonymous 
personalized browsing through a local proxy which the user trusts, thereby 
allowing the user to acquire personalized services without an entity 
outside the user's trusted space knowing the user's identity. 
Regarding Claim 22, 

Steele as modified by Yasala and Gabber discloses the 
arrangement of claim 21 , in addition, Gabber discloses that the protection 
server comprises means for pseudonymizing statistical information and 
personal profile information by using a unique pseudo for each URL of the 
service/information/content provider that is requested (Column 5, line 17 
to Column 6, line 17; Column 6, line 59 to Column 7, line 18; Column 1 1 , 
lines 15-67; and Column 13, lines 15-53). 
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Regarding Claim 29, 

Steele as modified by Yasala may not disclose that the end user 
preferences are stored in the end user station or in the intermediary proxy 
server, and in that they can be separately stored after confirmation of an 
agreement. 

Gabber, however, discloses that the end user preferences are 
stored in the end user station or in the intermediary proxy server, and in 
that they can be separately stored after confirmation of an agreement 
(Column 5, line 17 to Column 6, line 17; Column 6, line 59 to Column 7, 
line 18; Column 11, lines 15-67; and Column 13, lines 15-53). It would 
have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the proxy server system of Gabber into 
the trusted brokering system of Steele as modified by Yasala in order to 
allow the user to obtain anonymous personalized browsing through a local 
proxy which the user trusts, thereby allowing the user to acquire 
personalized services without an entity outside the user's trusted space 
knowing the user's identity. 
Regarding Claim 32, 

Steele as modified by Yasala does not explicitly disclose 
pseudonymizing statistical data and profile information such that end user 
personal profile data cannot be associated or tied to the actual end user. 
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Gabber, however, discloses pseudonymizing statistical data and 
profile information such that end user personal profile data cannot be 
associated or tied to the actual end user (Column 5, line 17 to Column 6, 
line 17; Column 6, line 59 to Column 7, line 18; Column 11, lines 15-67; 
and Column 13, lines 15-53). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to incorporate 
the proxy server system of Gabber into the trusted brokering system of 
Steele as modified by Yasala in order to allow the user to obtain 
anonymous personalized browsing through a local proxy which the user 
trusts, thereby allowing the user to acquire personalized services without 
an entity outside the user's trusted space knowing the user's identity. 
Regarding Claim 34, 

Steele as modified by Yasala does not disclose that the 
intermediary proxy server is a proxy server outside the user's computer. 

Gabber, however, discloses that the intermediary proxy server is 
located within premises of the end user (Column 13, lines 15-53). It would 
have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the proxy server system of Gabber into 
the trusted brokering system of Steele as modified by Yasala in order to 
allow the user to obtain anonymous personalized browsing through a local 
proxy which the user trusts, thereby allowing the user to acquire 
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personalized services without an entity outside the user's trusted space 
knowing the user's identity. 
Regarding Claim 35, 

Steele as modified by Yasala does not disclose that the 
intermediary proxy server is a proxy server outside the user's computer. 

Gabber, however, discloses that the intermediary proxy server is 
located within an intranet utilized by the end user (Column 13, lines 15- 
53). It would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the proxy server system of 
Gabber into the trusted brokering system of Steele as modified by Yasala 
in order to allow the user to obtain anonymous personalized browsing 
through a local proxy which the user trusts, thereby allowing the user to 
acquire personalized services without an entity outside the user's trusted 
space knowing the user's identity. 

5. Claims 13, 15-17, and 25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Steele in view of Yasala, further in view of P3P ("P3P 1 .0: A New 
Standard in Online Privacy", 9/13/2000, pp. 1-6). 
Regarding Claim 13, 

Steele discloses that the user preferences are stored in the end 
user station (Column 5, lines 31-43; and Column 7, line 24 to Column 8, 
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line 24); and Yasala discloses that the user preferences are stored in the 
end user station (Paragraphs 34-39). 

P3P also discloses that user preferences are stored in the end user 
station (Pages 1-5). It would have been obvious to one of ordinary skill in 
the art at the time of applicant's invention to incorporate the privacy 
standard of P3P into the trusted brokering system of Steele as modified by 
Yasala in order to allow the system to interoperate with other privacy 
systems that implement the P3P standard, and/or to inform the user of 
web site information policies. 

Regarding Claim 15, 

Steele as modified by Yasala and P3P discloses the arrangement 
of claim 13, in addition, P3P discloses that the user preferences relating to 
privacy level are stored in separate fast access storing means after 
completion of the security communication agreement (Pages 1-5). 

Regarding Claim 16, 

Steele as modified by Yasala and P3P discloses the arrangement 
of claim 15, in addition, Steele discloses that the protection server 
comprises an API allowing service/information/content provider control of 
site and page policies, and in that if an end user privacy level is increased, 
data below the privacy level is deleted (Column 4, line 56 to Column 5, 
line 43; Column 9, line 42 to Column 10, line 52; and Column 12, lines 4- 
16). 
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Regarding Claim 17, 

Steele as modified by Yasala and P3P discloses the arrangement 
of claim 16, in addition, Yasala discloses that the protection server 
provides certificates, and preferably signatures upon request by the 
intermediary proxy server (Paragraphs 27-31). 

Regarding Claim 25, 

Steele as modified by Yasala does not explicitly disclose that the 
agreement comprises a P3P agreement. 

P3P, however, discloses that the agreement comprises a P3P 
agreement (Pages 1-5). It would have been obvious to one of ordinary 
skill in the art at the time of applicant's invention to incorporate the privacy 
standard of P3P into the trusted brokering system of Steele as modified by 
Yasala in order to allow the system to interoperate with other privacy 
systems that implement the P3P standard, and/or to inform the user of 
web site information policies. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jeffrey D. Popham whose telephone number is (571)- 
272-7215. The examiner can normally be reached on M-F 9:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571)272-3865. The fax phone 
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number for the organization where this application or proceeding is assigned is 571- 
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